When an application is executed with the help of a portable data carrier, a high level of security against manipulation can be ensured if the portable data carrier is formed in a manipulation-proof manner. This is of the greatest importance, for example, for applications with which cashless payment transactions are carried out. However, manipulation protection is only ensured as long as the application is executed within the portable data carrier.
In many cases, however, executing an application requires an external device in addition to the portable data carrier. If this is a device protected against manipulation, such as a chip card reader of a high security class, this will normally not lead to security problems. But devices which are not protected against manipulation, or are only insufficiently protected, such as a personal computer, are often used. In order to carry out a transaction with a remotely located server, an online connection is required in addition, for example via the Internet. This involves the risk of manipulation by viruses or Trojans. For example, the data displayed on the screen of the personal computer can be tampered with by such manipulations. In a home banking application this can lead to the displayed transaction data differing from the actual transaction data, so that the user actually releases a different transaction than the one he intends to release according to the displayed data.
One possibility for defending against such attacks is to integrate a display unit and a confirmation device in the portable data carrier. From WO 2004/032414 A1 a method for the digital signing of data by a user is known. Here the data to be signed are transmitted to a chip card, which is used as a signing device. The data are displayed to the user by the chip card. When the user operates a confirmation device, the data are digitally signed with the help of a processor.
From DE 10 2004 046 847 A1 a method is known for generating a digital signature for data to be signed by a user by means of a portable data carrier. In this method, identification data for the data to be signed are determined in a server and compared with comparative data. A selection of the data to be signed is determined in the server and displayed to the user. If, after the display step, the user releases the signature generation, the signature is generated in the portable data carrier. The display is effected, for example, on a display unit of the portable data carrier or on a manipulation-protected terminal. Likewise, a mobile terminal can be used for the display, to which the display data and/or identification data are transmitted by the server.
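The risk described for the personal computer and the display-and-confirm countermeasure of the two preceding paragraphs, modelled as an added example that is not part of the patent or of the cited documents. The key, the account strings and the Trojan behaviour are constructed assumptions, and an HMAC stands in for the card's signature.

```python
import hashlib
import hmac

# Constructed demo key shared by the card and the server. A real signing card holds a
# private key and the server verifies with the public key; HMAC stands in for that here.
CARD_KEY = b"constructed-demo-key"
INTENDED = {"payee": "DE00 INTENDED ACCOUNT", "amount": "100.00"}  # constructed

def canonical(tx):
    """The exact byte string that is both displayed to the user and signed."""
    return f"{tx['payee']} {tx['amount']} EUR".encode()

def card_sign(data):
    return hmac.new(CARD_KEY, data, hashlib.sha256).digest()

def user_confirms(shown):
    """The user releases the transaction only if the displayed data match his intent."""
    return shown == canonical(INTENDED)

def trojan(tx):
    """Model of PC malware: redirects the payment, leaving the user's intent untouched."""
    return dict(tx, payee="DE99 MULE ACCOUNT")  # constructed

def server_accepts(tx, sig):
    """The server executes only data whose signature verifies over the received bytes."""
    return sig is not None and hmac.compare_digest(card_sign(canonical(tx)), sig)

def pc_only_flow(infected):
    """Display and transmission both on the PC: nothing binds what is shown to what is sent."""
    released = user_confirms(canonical(INTENDED))      # the PC screen shows the intent...
    sent = trojan(INTENDED) if infected else INTENDED   # ...but the PC sends something else
    return sent if released else None                   # the server executes 'sent' unchecked

def card_display_flow(tamper_point=None):
    """The card displays and signs the same bytes; tamper_point: None, 'before_card', 'after_card'."""
    to_card = trojan(INTENDED) if tamper_point == "before_card" else INTENDED
    shown = canonical(to_card)                           # shown on the card's own display
    if not user_confirms(shown):
        return None                                      # mismatch is visible; nothing is signed
    sig = card_sign(shown)                               # signature covers exactly the shown data
    sent = trojan(to_card) if tamper_point == "after_card" else to_card
    return sent if server_accepts(sent, sig) else None   # altered data fail verification
```

With the PC-only flow an infected machine gets a redirected payment executed; with the card flow, tampering before the card is caught by the user on the trusted display and tampering after it by the server's signature check.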
However, a portable data carrier, such as a chip card, having a display device is relatively complex. Manipulation-protected terminals are also relatively complex and expensive and hardly suitable for applications for which a low-cost infrastructure is required.
WO 2006/029758 A1 discloses a method for releasing an access in or via a computer network, to which a terminal is connected at least temporarily. The terminal can be, for example, a personal computer, a telephone or a personal digital assistant. In the known method, a data connection is established between the terminal and a portable device for providing access data, for example a chip card or a token. The portable device is integrated in a communication path between the terminal and the computer network. The release of the access is triggered with the help of the access data.
The invention is based on the object of achieving protection against manipulation that is as good as possible, with reasonable effort, when executing an application with the help of a portable data carrier in which an external device is involved.